Billions of users rely on monolithic operating systems to protect their data, but nothing prevents attackers from exploiting the operating system itself. Once exploited, an operating system provides access to all information on the system. In this talk I describe one of my explorations into making *trusted* software more trustworthy. The Nested Kernel retrofits an efficient, tamper-proof security monitor directly into traditional operating system design, both to strengthen the kernel's defenses and to limit what a successful attacker can do. The result is that the Nested Kernel reduces the code allowed to modify security policies by two orders of magnitude, while efficiently restricting malicious operating system behavior and remaining portable across systems software and diverse hardware. FreeBSD and Xen prototypes demonstrate that it is possible to retrofit security into existing and popular systems with explicit and powerful micro-protection facilities, establishing the foundation for future exploration in operating system security. After describing the Nested Kernel, I will sketch a path forward for a "micro-evolution" of monolithic systems, which I intend to exploit for operating system hardening and verification: a must for gaining any assurance in our computing stacks.
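To make the architectural idea concrete, here is an added user-space model of the separation the abstract describes: a small monitor owns the page-table permissions and exposes one narrow gate, and the rest of the (possibly compromised) kernel can only ask that gate for changes. This is illustrative code written for this page, not code from the talk, the FreeBSD or Xen prototypes, or the paper. The frame layout, the two policy rules (monitor and page-table frames are never writable; no frame is both writable and executable) and the names `nk_init`, `nk_set_perm`, `outer_raw_write_pte` and `compromised_kernel_scenario` are all assumptions; the hardware write-protect gate is modeled as a plain flag.

```c
/* Added example: a user-space model of the Nested Kernel idea, not code from
 * the talk or its prototypes. "write_protect" stands in for the hardware
 * write-protect gate, and the policy rules below are illustrative assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NPAGES 16
#define PERM_R 0x1u
#define PERM_W 0x2u
#define PERM_X 0x4u

enum page_kind { PK_NORMAL, PK_MONITOR, PK_PAGETABLE };

struct mmu {
    uint8_t perm[NPAGES];        /* the page table: permissions the outer kernel runs under */
    enum page_kind kind[NPAGES]; /* what each frame holds (constructed layout) */
    bool write_protect;          /* modeled WP gate; only the monitor's entry path clears it */
};

static struct mmu g_mmu;
static unsigned g_denied; /* requests the monitor refused */

/* Monitor bootstraps the layout (assumed): frames 0-1 are its own code/data,
 * frame 2 holds the page table, every other frame belongs to the outer kernel. */
void nk_init(void)
{
    for (int i = 0; i < NPAGES; i++) {
        g_mmu.kind[i] = PK_NORMAL;
        g_mmu.perm[i] = PERM_R | PERM_W;
    }
    g_mmu.kind[0] = g_mmu.kind[1] = PK_MONITOR;
    g_mmu.perm[0] = g_mmu.perm[1] = PERM_R | PERM_X;
    g_mmu.kind[2] = PK_PAGETABLE;
    g_mmu.perm[2] = PERM_R;
    g_mmu.write_protect = true;
    g_denied = 0;
}

/* Invariants checked on every permission change (assumed policy):
 * 1. monitor memory and page-table memory are never mapped writable,
 * 2. no frame is both writable and executable. */
static bool nk_policy_allows(unsigned page, uint8_t perm)
{
    if (page >= NPAGES) return false;
    bool w = (perm & PERM_W) != 0, x = (perm & PERM_X) != 0;
    if (w && g_mmu.kind[page] != PK_NORMAL) return false;
    if (w && x) return false;
    return true;
}

/* The outer kernel writing a page-table entry directly: while the gate is
 * armed the write would fault in hardware, so here it simply never lands. */
bool outer_raw_write_pte(unsigned page, uint8_t perm)
{
    if (page >= NPAGES || g_mmu.write_protect) return false;
    g_mmu.perm[page] = perm;
    return true;
}

/* The gate: the only path that lifts write protection, and it re-arms it
 * before returning whether or not the request was accepted. */
bool nk_set_perm(unsigned page, uint8_t perm)
{
    bool ok = nk_policy_allows(page, perm);
    g_mmu.write_protect = false;
    if (ok) g_mmu.perm[page] = perm;
    else g_denied++;
    g_mmu.write_protect = true;
    return ok;
}

uint8_t nk_get_perm(unsigned page) { return page < NPAGES ? g_mmu.perm[page] : 0; }
unsigned nk_denied_count(void) { return g_denied; }

/* A compromised outer kernel tries three escalations; returns how many were
 * refused. The final call is a legitimate change and is accepted. */
unsigned compromised_kernel_scenario(void)
{
    nk_init();
    unsigned refused = 0;
    if (!outer_raw_write_pte(2, PERM_R | PERM_W)) refused++;   /* bypass the gate entirely */
    if (!nk_set_perm(0, PERM_R | PERM_W)) refused++;           /* try to patch the monitor */
    if (!nk_set_perm(5, PERM_R | PERM_W | PERM_X)) refused++;  /* W+X for injected code */
    (void)nk_set_perm(5, PERM_R | PERM_X);                     /* legitimate: code page becomes R+X */
    return refused;
}

int main(void)
{
    printf("refused %u of 3 malicious requests; frame 5 perm=%#x\n",
           compromised_kernel_scenario(), (unsigned)nk_get_perm(5));
    return 0;
}
```

The point of the model is where the trusted computing base ends up: only `nk_policy_allows` and `nk_set_perm` can change protections, so auditing the policy means auditing those few lines rather than every page-table write in the kernel. A real implementation must additionally ensure the gate cannot be entered mid-way (for example via a jump into the middle of the sequence that clears write protection), which this flag model does not capture.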

Bio:

Nathan Dautenhahn is a postdoctoral researcher in the Department of Computer and Information Science at the University of Pennsylvania. He earned his doctorate in Computer Science from the University of Illinois at Urbana-Champaign in August 2016. His research investigates trustworthy system design by developing experimental operating systems, compilers, and hardware components, which has led to publications in key security and systems venues, including IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. His dissertation, on the Nested Kernel, identifies solutions for defending against insecure and malicious operating systems. The Nested Kernel is under consideration for inclusion in HardenedBSD (a variant of FreeBSD) and is being integrated into Linux by others. Dautenhahn actively contributes to graduate education and service by participating in many activities, such as creating the Doctoral Education Perspectives seminar, formally mentoring undergraduate and graduate students, and serving on the Computer Science Graduate Academic Council and the Engineering Graduate Student Advisory Committee.